[juniper] Sync juniper src data stream with beats (#692)

* Sync juniper src data stream with beats * Apply suggestions
elastic · Feb 17, 2021 · 4d76f4d · 4d76f4d
1 parent 3cc1aac
commit 4d76f4d
Show file tree

Hide file tree

Showing 11 changed files with 135 additions and 170 deletions.
diff --git a/packages/juniper/data_stream/srx/_dev/test/pipeline/test-atp.log-expected.json b/packages/juniper/data_stream/srx/_dev/test/pipeline/test-atp.log-expected.json
@@ -5,7 +5,6 @@
  "port": 80,
  "ip": "187.19.188.200"
  },
- "_temp_": {},
  "log": {
  "level": "informational"
  },
@@ -70,6 +69,9 @@
  },
  "@timestamp": "2013-12-14T16:06:59.134Z",
  "related": {
+ "user": [
+ "user1"
+ ],
  "hosts": [
  "www.mytest.com"
  ],
@@ -84,7 +86,7 @@
  },
  "event": {
  "severity": 14,
- "ingested": "2020-12-03T23:08:17.811974900Z",
+ "ingested": "2021-02-17T09:45:36.608469800Z",
  "original": "http-host=\"www.mytest.com\" file-category=\"executable\" action=\"BLOCK\" verdict-number=\"8\" verdict-source=”cloud/blacklist/whitelist” source-address=\"10.10.10.1\" source-port=\"57116\" destination-address=\"187.19.188.200\" destination-port=\"80\" protocol-id=\"6\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" policy-name=\"argon_policy\" username=\"user1\" session-id-32=\"50000002\" source-zone-name=\"untrust\" destination-zone-name=\"trust\"",
  "kind": "alert",
  "module": "juniper",
@@ -109,9 +111,11 @@
  "type": "firewall",
  "vendor": "Juniper"
  },
- "_temp_": {},
  "@timestamp": "2016-09-20T17:43:30.330Z",
  "related": {
+ "user": [
+ "admin"
+ ],
  "hosts": [
  "host.example.com"
  ],
@@ -142,7 +146,7 @@
  },
  "event": {
  "severity": 14,
- "ingested": "2020-12-03T23:08:17.811985700Z",
+ "ingested": "2021-02-17T09:45:36.608490200Z",
  "original": "timestamp=\"Thu Jun 23 09:55:38 2016\" tenant-id=\"ABC123456\" sample-sha256=\"ABC123\" client-ip=\"192.0.2.0\" verdict-number=\"9\" malware-info=\"Eicar:TestVirus\" username=\"admin\" hostname=\"host.example.com\"",
  "kind": "alert",
  "module": "juniper",
@@ -167,7 +171,6 @@
  "type": "firewall",
  "vendor": "Juniper"
  },
- "_temp_": {},
  "@timestamp": "2016-09-20T17:40:30.050Z",
  "related": {
  "hosts": [
@@ -200,7 +203,7 @@
  },
  "event": {
  "severity": 11,
- "ingested": "2020-12-03T23:08:17.812027400Z",
+ "ingested": "2021-02-17T09:45:36.608499700Z",
  "original": "timestamp=\"Thu Jun 23 09:55:38 2016\" tenant-id=\"ABC123456\" client-ip=\"192.0.2.0\" hostname=\"host.example.com\" status=\"in_progress\" policy-name=\"default\" th=\"7\" state=\"added\" reason=\"malware\" message=\"malware analysis detected host downloaded a malicious_file with score 9, sha256 ABC123\"",
  "kind": "alert",
  "module": "juniper",
@@ -221,7 +224,6 @@
  "port": 80,
  "ip": "10.0.0.1"
  },
- "_temp_": {},
  "log": {
  "level": "notification"
  },
@@ -297,7 +299,7 @@
  },
  "event": {
  "severity": 165,
- "ingested": "2020-12-03T23:08:17.812037900Z",
+ "ingested": "2021-02-17T09:45:36.608506400Z",
  "original": "hostname=\"dummy_host\" file-category=\"executable\" verdict-number=\"10\" malware-info=\"Testfile\" action=\"PERMIT\" list-hit=\"N/A\" file-hash-lookup=\"FALSE\" source-address=\"1.1.1.1\" source-port=\"60148\" destination-address=\"10.0.0.1\" destination-port=\"80\" protocol-id=\"6\" application=\"HTTP\" nested-application=\"N/A\" policy-name=\"test-policy\" username=\"N/A\" roles=\"N/A\" session-id-32=\"502156\" source-zone-name=\"Inside\" destination-zone-name=\"Outside\" sample-sha256=\"e038b5168d9209267058112d845341cae83d92b1d1af0a10b66830acb7529494\" file-name=\"dummy_file\" url=\"dummy_url\"",
  "kind": "event",
  "module": "juniper",